Situation
The npm module eclint, last published in Oct 2018, is archived since Oct 2020 and is therefore unsupported and unmaintained. It is used in the GitHub Actions workflow eclint.yml "Test Whitespace and line endings".
https://github.com/nodejs/docker-node/security/code-scanning/30 also reports the non-pinned dependency.
Options
jednano/eclint#226 discusses using:
Also implementation of ESLint may be considered.
To pin the dependency eclint (or its replacement) would need a package manager lockfile, as Dependabot doesn't otherwise offer any update mechanism (same for Renovate).
We would need to come to some general consensus about this before it makes sense to submit any related PR.
Situation
The npm module eclint, last published in Oct 2018, is archived since Oct 2020 and is therefore unsupported and unmaintained. It is used in the GitHub Actions workflow eclint.yml "Test Whitespace and line endings".
https://github.com/nodejs/docker-node/security/code-scanning/30 also reports the non-pinned dependency.
Options
jednano/eclint#226 discusses using:
Also implementation of ESLint may be considered.
To pin the dependency
eclint(or its replacement) would need a package manager lockfile, as Dependabot doesn't otherwise offer any update mechanism (same for Renovate).We would need to come to some general consensus about this before it makes sense to submit any related PR.